Have just been looking at my MySQL user permissions during a security audit and have noticed about 20 MySQL users have been created with random names such as 'bug115166_10073'. They don't have any permissions enabled at all and I'm the only one who moderates the database.

Can anyone think what these might be and where they've come from? Seeing as there are zero permissions assigned to these users I assume they're safe to remove?

2 Answers
2

Here is why : Anonymous users have access to any database whose first 4 letters are test. You can perform lots of CRUD intensive things in a test database. You may also want to rename the test databases to something completely different. Please read these links because I have addressed this issue before in the DBA StackExchange.

On Unix, MySQL comes with a mysql_secure_installation script that can
perform several helpful security-related operations on your
installation. The script has the following capabilities:

Set a password for the root accounts

Remove any remotely accessible root accounts.

Remove the anonymous user accounts. This improves security because
it prevents the possibility of anyone connecting to the MySQL server
as root from a remote host. The results is that anyone who wants to
connect as root must first be able to log in on the server host, which
provides an additional barrier against attack.

Remove the test database (If you remove the anonymous accounts, you
might also want to remove the test database to which they have
access).

Extending from @Pekka's rhetorical question in the comments, check your existing valid users' permissions. You probably have an application account that has the CREATE USER privilege but not GRANT. To prevent this from happening in the future, revoke CREATE USER from all but your administrative accounts.